Would it be a good idea security-wise to store salts with their last character removed, and then bruteforce the last character to further the amount of time it would take to create rainbow tables and ...

I'm making an auth service so I've been looking for some good Java/Groovy implementations of password + salt hashing. I've found this article on crackstation along with a code example and decided to ...

I understand PCI DSS 3.0 allows hashes of card numbers to be stored separately from encrypted values, but I'm startled at the efficiency of tools like hashcat in discovering card numbers from hashed ...

I have to synchronise small sets of data between two or more systems over an insecure network. First I have to check that the other system has the same unique identification information for the data ...

Assuming I currently use a safe way to salt-challenge-response-authentication-method, passwords are stored secured and all.
I now question myself - how do users set the password?
Meaning, they enter ...

I understand that some KDFs bundle the salt with the output, such as bcrypt (modular crypt format).
In PKCS5_PBKDF2_HMAC (specifically, looking at OpenSSL implementation) with a single iteration, is ...

I'm not very familiar with encryption and new to this, I'm just learning it right now by code review of one of the classes we have in an application to encrypt a password using AES. Would anyone explain ...

When users register on my site, I want to store their username and hashed password in my database. When I hash that password, I'm going to salt it using PHP.
The issue is, I don't want to store the ...

I'm helping my friend with hashing his passwords, and I've a question - Should he use one secret string as salt for hashing or is it better to have each user its own salt for hashing?
Consider these ...

Today I discovered something incredibly stupid - my friend hashes user passwords with sha512 algorithm without a salt. I immediately raised this issue to him but he said he wants to see anyone crack a ...

If a website stores passwords as a salted hash, is it reasonable to accept similar passwords as correct?
For example, given the password stackexchange, does it dramatically decrease security if the ...

I am dealing with a system (in development) that uses randomly generated (not user provided), unique strings to authenticate services that will be consuming an API. Right now, these strings are stored ...

I have to write some login module for Java EE application.
Previously I was using JBoss security - provided login and password, called HttpServletRequest with login method and JBoss security did the ...

I work for a firm that has a marketplace on the web. We want to make a link with a token that stops an ad on the marketplace without the user being logged in.
Someone suggested that we make a token ...

I'm asking my question here since I was not able to find an answer anywhere.
I have written a piece of software which stores pretty delicate passwords. I have used BCrypt as hashing algorithm with an ...

I'm currently conducting research regarding MySQL server remote authentication. I've captured unencrypted, uncompressed authentication packets between the client and the server where the username is ...

I'm currently going through a course on software security. I've recently been introduced to the idea of password salting, where a random value is concatenated to a password prior to being hashed and ...

My manager says we don't need to salt our passwords because people are not likely to use the same password because they all have different native languages, in addition to the websites they are active ...

Assumption used: all passwords that I've used have been salted with some random elements before being hashed and stored somewhere in their database.
If my previous password exists only as salted-hashes in ...

I've been reading up on password storage and such, and have come to the conclusion that I need to be using bCrypt.
I've got an implementation working correctly, but I'm wondering the best way to move ...

How can I create a password, which when directly hashed (without any salt) with md5 will return a string containing the 8 characters "SALT ME!". The hope is that a naive developer browsing through his ...

I don't really understand how salting works. I read the Wikipedia article, but I still don't understand how can a system authenticate a salted hash?
Let's say a user chooses a password. It's randomly ...